AI Worms Cross from
Theory to Working Code
Researchers deployed malware that uses LLMs to generate tailored
attack strategies for each machine it encounters, abandoning the
fixed-exploit model of traditional worms in favour of adaptive,
on-the-fly tactics. Crucially, the worm parasitically uses the compute
of compromised hosts — flipping the defender/attacker cost ratio in the
wrong direction. The paper’s own framing: “self-sustaining AI-driven
cyber-threats are no longer theoretical.”
Gwern: Get to
Human-Like AI by ‘Catapulting’
Gwern Branwen argues human-like intelligence might be achievable by
“catapulting” — training vastly overparameterised models (10–100+
trillion params) on tiny datasets with high learning rates and strong
regularisation, betting on a phase transition from memorisation to true
generalisation. The proposal leans on grokking research showing models
that abruptly leap to algorithmic solutions after long, unpromising
training. The mechanism, he argues, is closer to how human brains learn
from remarkably small data than today’s scaling laws are.
Where the Tokens
Actually Go: Code Review
A study of 30 software-engineering tasks found iterative code review
phases account for 59.4% of token consumption in LLM-based multi-agent
systems; input tokens are 53.9% of total usage. The result reframes
where costs accumulate in agentic engineering — refinement and
validation, not initial generation, is the expensive part.
Sem: Semantic Diffs on Top of
Git
A new CLI offers “semantic understanding on top of Git” — tracking
changes at the function and entity level rather than line-based diffs,
with cross-file dependency graphs, structural hashing, and per-entity
Git history. The team’s claim with teeth: AI agents are 2.3× more
accurate given Sem output instead of raw line diffs.
Designing in Claude, Not
Figma
Jane Street’s Edwin Morris writes about replacing Figma with Claude
for UI prototyping — building working artefacts straight away rather
than mockups, enabling “free, unlimited iteration” and immediate user
testing. He’s honest about the cost: collaborative review gets harder
when teammates see a fully-baked feature instead of a sketch, and the
design space narrows around what the model finds easy.
Treehouse, Zeroserve,
and Rethinking fork()
Three workflow-adjacent pieces landed together.
Treehouse assigns a stable number to each Git worktree,
deriving per-worktree ports, database names, and config from it —
letting multiple feature branches run side-by-side without environment
collisions. Zeroserve is an HTTPS server where
configuration is code: C programs compiled to eBPF bytecode
handle routing, auth, rate-limiting, and proxying as JIT-compiled
middleware. And LWN covers kernel proposals to move beyond fork() +
exec() — spawn templates, a pidfd-based builder API, io_uring approaches
— so POSIX spawn() can finally have a native implementation that doesn’t
hide the cost of copying state only to discard it.
DeVault: The FOSS
Circus Around Mental Health
Drew DeVault calls out the open-source community’s “circus” around
developers in mental-health crisis — using Kent Overstreet’s recent
situation and historical cases like TempleOS to argue that communities
lapse into “rituals of humiliation, harassment, and voyeurism” when
peers struggle in public. His ask is plain: compassion and privacy over
entertainment.
29th IOCCC Announces 2025
Winners
The International Obfuscated C Code Contest revealed 22 winning
entries for 2025, including a quasi-rogue-like game, a GameBoy emulator,
and an ocean-sound generator — proof of life for C’s creative
tradition.